Finding Labels
Labels are user-made tags that can be assigned to a finding. Each Cantina Code repository can have its own custom tags, and whether a user is permitted to create or modify a tag depends on the circumstances of the engagement and the security review type.

Finding Status
Below you can find a list of all the finding statuses used during a competition.

| Status | Description |
|---|---|
| New | Once a finding is submitted by the security researcher, it will be labelled as new by default. |
| Disputed | When the competition client disagrees with the judging decision on a finding, they change the status of the finding to disputed and provide reasoning for the change. |
| Rejected | Upon review, if the finding does not fit the criteria within the competitive scoring schema, the judge will list the finding as rejected. |
| Duplicate | A finding is marked as duplicate when it’s the same issue reported by someone else. Duplicates are rewarded as well. |
| Potentially Duplicate | Similar functionality to Duplicate. |
| Confirmed | When the finding is valid, it will be labelled as confirmed and be awarded based on the competition prize pool. |
| Acknowledged | After a finding is confirmed by the judge, the competition sponsor will have to acknowledge and double confirm the issue. |
| Fixed | After acknowledging issues, the sponsor can apply fixes to the code. This label is used for bookkeeping of issues already fixed. |
| Spam | When a finding is marked as spam, it typically means the reported issue is irrelevant, low-quality, automated and inappropriate. Both the judge and the sponsor can set this status on findings. |
| Withdrawn | If the researcher submits an issue and decides to withdraw it for any reason, the finding will be labelled as “Withdrawn”. |